These days, human resource management and leaders must wear many different hats.
From sourcing and onboarding talent to offboarding departing employees. From managing employee conflict to supporting professional growth. From legal compliance watchdog to fostering a culture of equity and belonging. From managing employee relations to fostering a positive working environment.
Human resources manage the entire employee lifecycle. Their role is pivotal in aligning organisational goals with the well-being and development of the workforce.
Because HR plays a broad, multifaceted role within the organisation, it’s no wonder that security leaders are keen on leveraging their collective expertise. This is especially true as they confront one of the most formidable and subtle threats to enterprises today: Insider risk.
It’s typically not the first area security and risk management think of when focusing on business risk, but it should be.
Insider risk presents organisations with a broad spectrum of potential harm that, if not carefully managed, can blow up in their faces.
Whether the harm comes from a disgruntled employee leaking data intentionally, a frustrated employee who seeks to misuse information for personal gain, an accidental exposure by a negligent worker, or a well-intentioned staff member falling for sophisticated phishing, these cases share a common factor: the human element.
From the standpoint of HR, insiders play a pivotal role in propelling organisations toward accomplishing their mission, goals, and objectives.
HR teams view people as their greatest asset. However, for security teams, people are often regarded as the “weakest link” in the security chain, as they can be duped or manipulated, make mistakes, or be motivated to cause harm intentionally.
In other words, it doesn’t matter how good or strong your security systems might be if the individuals who are trusted and authorised to access your organisation’s most valuable assets can either intentionally or accidentally cause harm.
Unfortunately, most organisations don’t fully realise the potential impact and the cost of an insider incident until they experience it first. By then, it is too late.
Boaz Fischer is Australia’s Trusted Authority On Insider Risk Management. A cyber security expert par excellence, Boaz is the owner of five companies and a consultant for the Australian government. He’s made it his mission to help businesses understand the risks their companies face from insiders.
As far as cybercrime and cyber security are concerned, insider threats are the elephant in the room. It’s a subject that is often regarded as “taboo” and one that the experts would rather not discuss, in part because companies don’t want to consider the idea that parties within their organisations could be causing harm.
This level of ignorance isn’t limited to run-of-the-mill businesses, either. Tech giants, critical infrastructure organisations and even government agencies are woefully naïve regarding this potential threat. To complicate matters, while “insider threats” sound like a simplistic problem that should have a simplistic solution, nothing could be further from the truth.
Understanding that you face a threat from your employees can be difficult to take, but it doesn’t mean that you shouldn’t trust them. After all, you can’t sack everyone, and you certainly can’t do business without them. What you can do is understand the risks, how they present themselves and what you can do about them.
© 2023 Naked Insider, Level 1 Colbee Court, Phillip ACT, Australia Tel: +61 6282 5554